
<?php

include '../include/config.php';
/*
 * Key
 */
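// Load the site-wide "passkey" that _encode() prepends to a password before
// hashing. $key starts as an empty string so it is always defined, even when
// the row is missing or the query fails. The original left it undefined in
// that case and raised a notice later, at the _encode() call.
$key = '';
$kp = mysql_query("select * from pro where name='passkey' ");
if ($kp !== false) {
    // If several rows match, the last one wins (same as the original loop).
    while ($kp1 = mysql_fetch_array($kp)) {
        $key = $kp1['value'];
    }
}

/*
 * This is the sign-in page for baby: read the submitted credentials.
 */
// Accept only plain string fields. A missing field or an array-valued field
// (e.g. uname[]=x) becomes '', which the empty-field check further down
// rejects, instead of reaching the SQL string as null or "Array".
$username = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';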


/*
 * 
 * Password hashing technique (a one-way MD5-based hash, not encryption).
 */

/**
 * Derive the stored password hash from a plaintext password.
 *
 * The optional $key is prepended to the password, the result is split into
 * single bytes, the MD5 hex digest of every byte is concatenated, and the
 * MD5 of that concatenation is returned.
 *
 * SECURITY: this construction is unsuitable for password storage. MD5 is
 * fast, there is no per-user salt (only one shared key), and no work factor,
 * so equal passwords produce equal hashes and offline guessing is cheap.
 * The output must stay byte-identical as long as existing hashes are compared
 * against it; moving to password_hash()/password_verify() needs a rehash of
 * each account at its next successful login.
 *
 * @param string $password Plaintext password as submitted.
 * @param string $key      Shared key prepended to the password; ignored when
 *                         it compares equal to ''.
 * @return string 32-character lowercase hex MD5 digest.
 */
function _encode($password, $key) {
    // Keyed or unkeyed input, decided by the same loose comparison as before.
    $material = ($key != '') ? $key . $password : $password;

    if (function_exists('str_split')) {
        $chars = str_split($material);
    } else {
        // Manual byte split for runtimes that lack str_split().
        $chars = array();
        if (is_string($material)) {
            $length = strlen($material);
            for ($pos = 0; $pos < $length; $pos++) {
                $chars[] = $material[$pos];
            }
        }
    }

    // Concatenate the per-byte digests; stays null when there are no bytes.
    $digestChain = null;
    foreach ($chars as $char) {
        $digestChain .= md5($char);
    }

    return md5($digestChain);
}

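/*
 * Sign-in flow: validate the submitted fields, look up the account, verify
 * the password, check product membership, then issue the cookies and
 * redirect.
 *
 * Changes from the earlier version of this flow:
 *  - every redirect is followed by exit; header() alone does not stop the
 *    script, so the queries and cookie writes used to run after a failed check;
 *  - values placed into SQL strings are escaped;
 *  - the password is verified BEFORE the membership lookup and before any
 *    cookie is sent (the "bid" cookie used to be issued to anyone who knew a
 *    valid username);
 *  - hashes are compared as strings, not with ==, which treats two
 *    "0e<digits>" hex digests as equal numbers;
 *  - database error text goes to the server log, not to the client.
 */

// NOTE(review): HTTP_HOST comes from the request's Host header, so the
// redirect target is client-influenced. A base URL from configuration would
// be safer; none is visible in this file, so the expression is unchanged.
$location = 'http://' . $_SERVER['HTTP_HOST'] . '/salusbaby';

// Missing, non-string, or empty fields are rejected up front.
if (!is_string($username) || !is_string($password) || $username == '' || $password == '') {
    $error = 'fields are null';
    header('Location:' . $location . '?err=' . rawurlencode($error));
    exit;
}

/*
 * Look up the (non-banned) account by user name.
 */
// Escaping is the only option ext/mysql offers. NOTE(review): it is only
// reliable when the connection charset was set with mysql_set_charset();
// confirm in config.php. ext/mysql was removed in PHP 7, so the durable fix
// is mysqli or PDO with prepared statements.
$safeUsername = mysql_real_escape_string($username);
$getid = mysql_query("select * from fa_user where  user_name ='" . $safeUsername . "' and banned = 0 ");
if ($getid === false) {
    error_log('salusbaby signin: user lookup failed: ' . mysql_error());
    die('Internal error');
}

if (mysql_num_rows($getid) == 0) {
    // NOTE(review): this message and 'Invalid Password.' below let a client
    // tell existing accounts from unknown ones. The wording is left unchanged
    // because the page that renders ?err= is not visible here.
    $error = 'No Such a user or Banned.';
    header('Location:' . $location . '?err=' . rawurlencode($error));
    exit;
}

// If several rows match, the last one wins (same as the original loop).
while ($row = mysql_fetch_array($getid)) {
    $realpass = $row['password'];
    $uid = $row['id'];
    $banned = $row['banned'];
}

/*
 * Verify the password before revealing anything else about the account.
 */
$pws = _encode($password, $key);
// hash_equals() where the runtime has it, strict string comparison otherwise.
$passwordOk = function_exists('hash_equals')
    ? hash_equals((string) $realpass, (string) $pws)
    : ((string) $realpass === (string) $pws);

if (!$passwordOk) {
    $error = 'Invalid Password.';
    header('Location:' . $location . '?err=' . rawurlencode($error));
    exit;
}

/*
 * Check whether the user has purchased the baby account (product_id = 2).
 */
$safeUid = mysql_real_escape_string((string) $uid);
$getme = mysql_query("select * from salus_buy_product where FK_fa_user_id= '" . $safeUid . "' and product_id = 2 ");
if ($getme === false) {
    error_log('salusbaby signin: purchase lookup failed: ' . mysql_error());
    die('Internal error');
}

if (mysql_num_rows($getme) == 0) {
    $error = 'You are not member of SalusBaby ';
    header('Location:' . $location . '?err=' . rawurlencode($error));
    exit;
}

/*
 * Fetch the buyer's child-profile id ("bid"); it is specific to the baby
 * project. If several profiles exist, the last row wins, which matches the
 * cookie value a browser kept under the original per-row setcookie() calls.
 */
$bid = null;
$getbid = mysql_query("select bid from baby_child_profile_detail where buyer_id='" . $safeUid . "' ");
if ($getbid !== false) {
    while ($row1 = mysql_fetch_array($getbid)) {
        $bid = $row1['bid'];
    }
}

// NOTE(review): these cookies carry the raw database ids, and nothing else in
// this file establishes a login. If later pages trust "gid"/"bid" as the
// user's identity, any client can forge them; a server-side session with a
// regenerated id would close that. The cookies are also sent without the
// HttpOnly/Secure flags and with a hard-coded private-IP domain. Confirm how
// they are consumed before changing the arguments.
if ($bid !== null) {
    setcookie("bid", $bid, time() + 3600, "/", "192.168.1.2");
}
setcookie("gid", $uid, time() + 3600, "/", "192.168.1.2");

$loc = 'http://' . $_SERVER['HTTP_HOST'] . '/salusbaby/user/';
header('Location:' . $loc);
exit;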
?>